Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-09-04 CVE-2018-10928 A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume.
network
low complexity
redhat debian gluster opensuse
8.8
8.8
2018-09-04 CVE-2018-10927 A flaw was found in RPC request using gfs3_lookup_req in glusterfs server.
network
low complexity
redhat debian gluster opensuse
8.1
8.1
2018-09-04 CVE-2018-10926 A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server.
network
low complexity
redhat debian gluster opensuse
8.8
8.8
2018-09-04 CVE-2018-10923 It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node.
network
low complexity
gluster redhat debian opensuse
8.1
8.1
2018-09-04 CVE-2018-10911 A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values.
network
low complexity
gluster redhat debian opensuse
7.5
7.5
2018-09-04 CVE-2018-10907 It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'.
network
low complexity
gluster redhat debian opensuse
8.8
8.8
2018-09-04 CVE-2018-10904 It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator.
network
low complexity
gluster redhat debian opensuse
8.8
8.8
2018-09-04 CVE-2018-0675 Code Injection vulnerability in Hibara Attachecase
AttacheCase ver.3.3.0.0 and earlier allows an arbitrary script execution via unspecified vectors.
local
low complexity
hibara CWE-94
7.8
7.8
2018-09-04 CVE-2018-0674 Code Injection vulnerability in Hibara Attachecase
AttacheCase ver.2.8.4.0 and earlier allows an arbitrary script execution via unspecified vectors.
local
low complexity
hibara CWE-94
7.8
7.8
2018-09-04 CVE-2018-0656 Untrusted Search Path vulnerability in Sony Digital Paper APP 1.4.0.16050
Untrusted search path vulnerability in The installer of Digital Paper App version 1.4.0.16050 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
local
low complexity
sony CWE-426
7.8
7.8